CVE-2015-5383 — Sensitive Information Exposure in Webmail

CWE-200 — Sensitive Information Exposure8 documents6 sources

Severity

7.5HIGHNVD

EPSS

1.8%

top 17.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Roundcube Webmail Roundcube Webmail

Timeline

PublishedMay 23

Latest updateMay 14

Description

Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to obtain sensitive information by reading files in the (1) config, (2) temp, or (3) logs directory.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶Ubunturoundcube/roundcube_webmail< 1.2~beta+dfsg.1-0ubuntu1

▶NVDroundcube/webmail1.1

▶NVDroundcube/roundcube_webmail1.1.1

Patches

Patch: www.openwall.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-h6p8-6wgc-vh4r: Roundcube Webmail 1↗2022-05-14

▶

CVEList

CVE-2015-5383: Roundcube Webmail 1↗2017-05-23

▶

OSV

CVE-2015-5383: Roundcube Webmail 1↗2017-05-23

▶

📋Vendor Advisories

Debian

CVE-2015-5383: roundcube - Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to obtain sensitive...↗2015

▶

💬Community

Bugzilla

CVE-2015-5383 CVE-2015-5382 CVE-2015-5381 roundcubemail: vulnerabilities fixed in 1.1.2 and 1.0.6 [epel-all]↗2015-07-08

▶

Bugzilla

CVE-2015-5383 CVE-2015-5382 CVE-2015-5381 roundcubemail: vulnerabilities fixed in 1.1.2 and 1.0.6 [fedora-all]↗2015-07-08

▶

Bugzilla

CVE-2015-5381 CVE-2015-5382 CVE-2015-5383 roundcubemail: vulnerabilities fixed in 1.1.2 and 1.0.6↗2015-07-08

▶